Report on EU practice for cyber security education

Transcription

1 Deliverable 1.2 Report on EU practice for cyber security education European Commission Tempus Project: This project has been funded with support from the European Commission. This publication reflects the views only of the author, and the Commission cannot be held responsible for any use which may be made of the information contained therein.

2 Table of content 1. Introduction and preliminaries Principles for cybersecurity education Approaches to cybersecurity education Formal education on cybersecurity Bachelor study programmes Liverpool John Moores University, UK Petersburg National Research University of Information Technologies, Mechanics and Optics, Russia University of Science and Technology of China University of Maryland, University College, USA Sheridan University, Canada The University of South Wales (UNSW), Australia Master study programmes Tallinn University of Technology, Estonia University of Maryland Baltimore County (UMBC), Maryland, USA University of South Australia (UniSA), Australia University Great Britain, UK Tallinn University of Technology, Estonia University of Warwick Coventry, UK Doctoral study programmes University of Oxford, UK Royal Holloway University of London, UK De Montfort University in Leicester, UK George Mason University, USA Northcentral University (U.S.) The University of Rhode Island, USA University of Colorado, Colorado Springs, USA Technische Universität Darmstadt, Germany Gjøvik University College, Norway EURECOM, France Tallinn University of Technology, Estonia Informal education on cybersecurity Professional training Domain specific training... 32

5 1. Introduction and preliminaries 1.1 Principles for cybersecurity education Academic institutions are taking different approaches to cybersecurity education. Some believe in specializing early and focus more on the application of cybersecurity, making it a part of mainstream undergraduate education. Others aren t advocates of specialized undergraduate degrees and think it is more important to have a strong grounding in the fundamentals of computer science first. Existing cybersecurity educational programs, has some kind of limitations in focus and lack unity of efforts. In order to effectively ensure continued technical advantage and future cybersecurity challenges, education in cyber security should be developed over a technologically skilled and cyber workforce and an effective skills of the future experts. Current cyber security education can be divided into formal and informal approaches and other trainings. Formal approach could be conducted through the elementary education, high school education and university education (Bachelor, Master, PhD, etc.). Cyber security Bachelor programs are at the university level of studying, mostly within the discipline of Computer Security or Computing, with honour for cyber security. This study programs includes broad scale from courses in fundamental computer science principles to more specialized courses covering all aspects of information systems security. Programs on Master degrees include all aspects of defence of possible attacks that can be conduct through the network or directly to computer. Basically, these programs provide studying through the courses in the following areas: intrusion analysis and response, critical infrastructure and control system security, electronic evidence and presentations, information assurance and security, principles of communications networks, cyber security risks, secure software design, malware, cryptography, legal aspects of cyber security, etc. Some of the important characteristics of the formal educational Bachelor and Master programs in cybersecurity are: Interdisciplinary programs that cuts across different, but related fields especially computer science, engineering and management; Curriculum addresses both technical and theoretical issues in cybersecurity; Both undergraduate and graduate degree programs are offered; Faculty composed of leading practitioners and researchers in the field of cybersecurity and information assurance; Hands on learning environment where students and faculty work together on projects that address real life cybersecurity threats; Emphasis on learning outcomes as well as career and professional advancement; Courses on management, information security policy and other related topics essential to the effective governance of secure information systems; Graduates of programs are placed in private and public sector positions.

6 Bachelor degrees studies represent a serious challenge to enhance cybersecurity education. The curriculum for any computing major already has tight time allotments in cybersecurity knowledge and is balanced to the topics deemed essential in the curriculum. Master degrees are essential for providing a cybersecurity workforce with advanced capabilities. Building on a sound of Bachelor degree in computer science or related area, additional one or two years of education, could cover important technical cybersecurity topics. A MSc degree in cybersecurity in a two year timeframe allow suitably prepared graduates to master the knowledge, skills, and abilities specific to advanced topics in cybersecurity. A very adequate approach of universities would be to provide several MSc degree options addressing cybersecurity issues: 1. Cybersecurity for computing professionals Strongly technical cybersecurity specific degree programs focusing on cybersecurity built upon a rigorous undergraduate background in computer engineering, computer science, or software engineering. 2. Cybersecurity in society Master s programs in non computing disciplines that emphasize cybersecurity challenges and vulnerabilities and their implications for various professions, including law, business, economics, and medicine. 3. Cybersecurity operations Practical techniques and technologies for recognizing vulnerabilities and preventing security breaches. The aim of the informal cyber security education is to improve cyber security knowledge and skills of common people and it's not available at the academic level of studying. Usually it is organized through the courses, trainings, workshops, roundtables, online courses, popular science TV shows, etc. 1.2 Approaches to cybersecurity education The analysis focuses on cyber security education practice worldwide. The most developed programs are in the USA, where many Bachelor and Master Programs exist. Programs are drafted with special attention to different cyber security areas. On the other hand, some countries still don t have formal education at the university level for the cyber security, even if they are aware of the importance of developing educational capacities for cyber security. It is obvious that any academic program cannot on its own address the full range of trends, challenges, issues and differing perspectives. This is the aim of the leading cyber security education and practice to promote a collaborative approach and a long term focus. Bachelor study programs in cyber security usually last for three or four years, whereas the first three years focus on core studying and the fourth year is for specialization in specific areas. Master study programs in cyber security last for one year, ending with the Master thesis. Enrolment conditions for Master Studies request an appropriate previous education within the IT area and sometimes there are prerequisites such as specific courses that should be passed before enrolment. Approaches to formal education opportunities for students are critical to help building and shaping future cybersecurity capacities. This applies to students at all levels including colleges, undergraduate, graduate, and post graduate students. The aim is to make such educational opportunities available to every student.

7 Another, important approach to cybersecurity education is through the cyber competitions or participation in projects. Cyber competitions are interactive, scenario based that help participants develop cybersecurity skills and increase interest in cybersecurity careers. Cyber competitions foster talent in potential cybersecurity professionals who might otherwise be unidentifiable through traditional academic means, and encourage mentor led environment where participants can practice and hone their cybersecurity skills in a controlled, real world environment. Cyber security projects for university level students consist from a set of activities and programs tailored to prepare scientists and engineers to extend their focus beyond the laboratory. While the knowledge gained from project based research frequently advances a particular field of science. Such results may be translated into technologies with near term benefits for the economy and society. Combining experience and guidance from established entrepreneurs with a targeted curriculum, the project could be a public private partnership program that teaches grantees to identify valuable product opportunities that can emerge from academic research, and offers entrepreneurship training to student participants. Business and government could encourage and improve cyber expertise by funding scholarships to help students afford graduate level courses in cybersecurity. One more widely popular approach is Open online courses (OOC) aimed at large scale interactive participation and open access over the Internet. Anyone with an Internet connection could access OOCs teaching mathematics, computer science, technology, history and many other fields from top universities. OOCs are another resource that internet users can utilize to begin their career in cybersecurity. To become a cybersecurity professional, basic math, engineering and computer science skills need to be acquired. Recommendations for the general approaches and principles to cyber security education are: 1. Cybersecurity should evolve into a formal discipline in the curriculum similar to other existing disciplines; 2. Programs must teach a combination of theory and practice, and to have a holistic approach; 3. Cybersecurity should be taught in an integrated fashion, with all students learning basic principles and respect principle of the interdisciplinary; 4. Government and industry collaboration is extremely important; 5. Collaborative approach and long term focus. 2. Formal education in cybersecurity 2.1 Bachelor study programmes Examples of Bachelor study programs from EU countries, BRIC (Brazil, Russia, India and China), USA, Canada, Australia and Balkans are listed below Liverpool John Moores University, UK.

9 Computer science for security Level 4 WEB design and HCI 120 core credits at level 4 Introduction to computer programming Computing and society 0 option credits at level 4 0 elective credits at level 4 Computing in practice Computer systems The program is focused on the following topics: computer programming as applied to medium to large systems; software development process, including secure software development; awareness of professional and ethical issue Networking: internet protocol, networking, network investigations; programming fundamentals: software development process, syntax and semantics, problem analysis, testing, debugging; professionalism: organisational theory, management theory, professional ethics; IT infrastructure: hardware / network configurations, communication, types of systems, development tools, developing technologies; security: physical and logical security, legal issues, privacy, internet security, protection including forensics. The main competences of the programme are the development of computer science skills relating to information security, and the associated software engineering, management and analysis skills required to enact successful information security within networked computing environments. The main focuses of the program are: to provide students with the technical skills required for the development of cyber security software solutions; to enable he student to acquire the skills needed in the investigation of user requirements and the development of a suitable software design using the appropriate specifications and design methodologies; to prepare students with the management skills required to implement cyber security; to provide students with the knowledge of the wide range of issues involved in the implementation of cyber security, such as legal, ethical and privacy requirements. This study program has three levels of learning outcomes: FHEQ Level 4 Outcomes: Develop computer programs using elementary programming constructs; Apply a variety of tools and techniques for website design including Human Computer Interaction (HCI) principles; Discuss the technical challenges of social computing and investigate the ethical, commercial and economic issues within this field; Discuss a range of practical aspects of computing and apply the associated tools and techniques used in them; Discuss computer architecture at the hardware and software levels and basic security concepts;

10 On the completion of Level 4 of the programme, the student will have a good understanding of the basics of the field of computing; They will understand the different approaches required to solve computer based problems; They will have the skills and ability to communicate their ideas and take personal responsibility for their learning. FHEQ Level 5 Outcomes: Use object oriented design in formulating an implementation; Analyse the structure of computer networks, architectures and their protocols; Identify software security requirements and use secure development methods in an implementation; Provide evidence of experience in a number of information assurance methods (e.g. risk analysis). FHEQ Level 6 Outcomes: Develop a critical appreciation of cyber attackers and the related defence mechanisms; Demonstrate an understanding of the threats and vulnerabilities to networked systems; Demonstrate the fundamental technical concepts, implementation, and restrictions of network forensics; Develop practical and advanced research skills in cyber security. By the information based on statement of Jay Bavisi, president of EC Council Indian global certification and training organisation in information security, it seems there is no university or college in India which offers academic course covering the whole scale of cyber security in Bachelor program (The Hindu, December 2, 2013 ( Though the University Grants Commission (UGC) has asked the universities and colleges to prepare and offer a course in cyber security there is hardly any idea among the varsities on how to go about it Petersburg National Research University of Information Technologies, Mechanics and Optics, Russia Bachelor study programs in Organization and Information Security Technology and Information Saint at Petersburg National Research University of Information Technologies, Mechanics and Optics (level: university; discipline: Computing). Short overview of study program Department of Information Technology Security provides training in the speciality "Organization and Information Security Technology". Bachelors program in "Information Security" is focused on information security and protection of telecommunication computing systems, that includes: Analysis of the vulnerability of automated data processing systems and computer equipment; Design and development of secure information transmission systems; Certification of IT security and automated systems with the available means of protection for compliance with certain class of security; Threat assessment information and information threats; Monitoring information flows in a natural language in public telecommunication networks;

11 Methods for identification of users on the Internet; Methods of construction of intrusion detection systems and Methods of designing cryptographic computing systems that are resistant to current types of attacks. Department of Monitoring and Forecasting Information Threats provides and apply the methodology of address forecasting of threats to information technology systems operated on the basis of changes in the natural environment. The focus and competences are to evaluate the possible effects of information attacks on complex systems such as rocket and space, aviation technologies; submarines and surface ships; nuclear power plants and nuclear reactors; gas and oil pipelines, gas and oil complexes; position of chemical synthesis; rail, road, sea and air transport; urban communications, etc. Also, it provides competences to develop recommendations and arrangements for support of systems of taking decisions of managers at various levels to reduce the probability of emergency situations in the field of information security University of Science and Technology of China BSc program (level: university; discipline: Computer Science) The undergraduate program covers four academic years. Within the first two years, most courses focuses on the fundamental theories. For the next two years, the students have the option to choose different courses according to their own interests. Students may choose some courses from the following fields: High Performance Computing, Intelligent Science and Technology, Network and Security Computing, Computer Architecture, etc. The University of Science and Technology is known as the leading China's university in computer science, although don't have specific Bachelor programs on cyber security University of Maryland, University College, USA University of Maryland gives opportunity to students to choose from major or minor degree in cybersecurity. The curricula focuses on the techniques, policies, operational procedures, and technologies that secure and defend the availability, integrity, authentication, confidentiality, and nonrepudiation of information and information systems, in local as well as more broadly based domains. This program prepares graduates to be leaders in the protection of data assets. The major in cybersecurity focuses to protect an organization's critical information and assets by ethically integrating cybersecurity risk management and business continuity best practices throughout an enterprise, implement continuous network monitoring and provide real time security solutions, analyse advanced persistent threats and deploy countermeasures and conduct risk and vulnerability assessments of planned and installed information systems; participate in forensic analysis of cyber incidents and assist in recovery of operations; formulate, update, and communicate short and long term organizational cybersecurity strategies and policies. This degree prepares students for careers as information systems security professionals, senior system managers, and system administrators responsible for information systems and security of those systems. A degree with a major in cybersecurity requires the successful completion of 120 credits of coursework, including 33 credits for the major; 41 credits in general education requirements; and 46 credits in the minor, electives, and other degree requirements. At least 17 credits within the major must be earned in upper level courses (numbered 300 or above).

15 that most employers are looking for, like problem solving, in a way that makes their graduates highly flexible and widely sought after. The Computer Science degree is a three year program with an optional fourth year with Honours. The students who perform at a superior level within the first three years are eligible to enter the Honours year, which combines advanced coursework with research project and thesis. Both degrees have core common courses. However, there are many optional courses which offer the possibility to specialize a specific area. UNSW has a strong focus on Cyber Security combining advanced security theory with technical cyber attack and defence skills. They are known as the leading Australian university in cyber security training, despite not having specific Bachelor programs on cyber security. 2.2 Master study programmes Tallinn University of Technology, Estonia The programme is managed by Tallinn University of Technology (Estonia) and it is a joint programme with University of Tartu. [1] The international Master's programme with two main specialties Cyber Security and Digital Forensics provides students with core skills in wide aspects of the security of information systems and specialized skills in computer security incidents and crime evidence. Students get a unique chance to study under high level cyber security practitioners from Estonian banks, telecoms, law enforcement, CERT and the NATO Cooperative Cyber Defence Centre of Excellence. Cyber Security main speciality The programme conveys the specialist knowledge and professional skills needed on a career path leading to high end technical roles (e.g. security analyst, architect or research engineer) or managerial roles (e.g. project/team leader or technology officer). Great networking possibilities and collaboration with leading specialists in the field will present graduates with a range of career opportunities. Table 4: Cyber Security main speciality course structure MODULE: General studies 14.0 ECTS credits optional courses Technology and the individual: ethics of law and technology 3 Introduction to Entrepreneurship 4 Estonian Language and Culture I 3 Foreign Language for Science and Research 3 Techno psychology 4 Innovation and creative problem solving 3 ECTS

19 Master in Professional Studies (level: university; discipline: Information Cyber Security) The Master in Professional Studies is designed to prepare computer science, information systems, and other technology professionals working in the IT and cybersecurity fields to fill management and leadership roles in their organization. Multidisciplinary coursework blends practical management oriented courses with more technically focused courses, allowing students to develop a formal graduate educational program that best meets their individual career development needs. The ten course master s degree combines courses in cybersecurity strategy, policy, and management with more technical courses that allows students to develop a formal graduate educational program that best meets their individual career development needs. Table 6: Courses Degree Requirements Required Core Courses (21 credits) CYBR 620: Introduction to Cybersecurity CYBR 623: Cybersecurity Law & Policy CYBR 624: Cybersecurity Project CYBR 650: Cybersecurity Management ENMG 652: Management, Leadership, and Communication ENMG 658: Financial Management OR ENMG 672: Decision & Risk Analysis One additional related elective course approved by Cybersecurity Graduate Program Director Elective Courses (9 credits) University of South Australia (UniSA), Australia Master of Science in Cyber Security and Forensic Computing (level: university; discipline: Information Cyber Security) This program has been developed to meet the established Australian Law Enforcement demand for Master Degree level Information Assurance to establish expertise for the Australian courts. No other Master Degrees in Australia have been developed around these competencies. The suite of programs prepares students for the workplace by covering industry recommended competencies for Information Assurance, EE, FC and CIP professionals. This program undertakes an integrated research project. In some cases this project might focus on a real issue within employment. Graduates will have the skills to enter professions which may be found in law enforcement, federal and state government departments, defence, large accounting companies and banks. Some employment is available in small and medium enterprises but this is less common with the move towards IT outsourcing in general, security and forensic in particular. Applicants are required to have: A completed undergraduate degree from a recognised University in science, engineering or technology with an average of at least credit (65%); A completed Graduate Diploma in Science (Cyber Security and Forensic Computing), with an average of at least credit (65%) or equivalent.

20 In addition, applicants would normally have passed coursework with the following content: Computer programming Data modelling and database design Project management Table 7: Courses First Semester (Study Period 1 or 2) Electronic Evidence 1 Forensic Computing Electronic Evidence 2 Network and Internet Forensics Intrusion Analysis and Response Critical Infrastructure and Control System Security Second Semester (Study Period 5) Electronic Evidence Analysis and Presentation Information Assurance and Security e Crime, e Discovery and Forensic Readiness Software Security Lifecycle First Semester (Study Period 2), Second Semester (Study Period 5) CIS Research Methods Masters Computing Minor Thesis 1 Masters Computing Minor Thesis Lancaster University Great Britain, UK Master of Science in Cyber Security (level: university; discipline: Information Cyber Security) Taught within the context of Lancaster's Academic Centre of Excellence for Cyber Security, this Master s degree in Cyber Security adopts an interdisciplinary skills based approach to information security. As such, it has been designed to deliver the skills and knowledge necessary for the current and next generation of Cyber Security Specialists to deal with the challenges of an increasingly risky online world. The Master s degree blends world class academic teaching, research and the latest industry knowledge to deliver a comprehensive cutting edge postgraduate programme. Benefit from a unique multi disciplinary approach to the programme, drawing upon expertise from the University's departments of Applied Social Science, Psychology, Law, Politics, and the School of Computing and Communications. Enjoy a flexible range of study options. Study full time and gain mastery of the subject within one year, or part time on tailored programme over two/three years for students already working in industry. Study in block mode, which offers the luxury of focusing on one course at a time as a full time student spending a year on campus or convenience as a part time student balancing this course and your role in industry.

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY HTTP://SCIENCE.HAMPTONU.EDU/COMPSCI/ The Master of Science in Information Assurance focuses on providing

identity MSc Cyber Security hacker virus QA is the foremost provider of education in the UK. We work with individuals at all stages of their careers, from our award-winning apprenticeship programmes, through

CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

The University of Texas at San Antonio 1 Department of Information Systems and Cyber Security All graduate programs in Information Systems and Cyber Security are accredited by AACSB International The Association

Bachelor of Information Technology Detailed Course Requirements The 2016 Monash University Handbook will be available from October 2015. This document contains interim 2016 course requirements information.

2004-2005 Catalog Addendum New Program Master of Science in Information Assurance This Walsh College Master of Science in Information Assurance degree combines theory with applied learning enabling security

Curriculum and Module Handbook Master s Degree Programme in Finance (Master of Science in Finance) 2015 1 September 2015 1 The curriculum was developed by the following University of Liechtenstein faculty

FACULTY OF HUMANITIES AND SOCIAL SCIENCES PROFESSIONAL DEGREES PROFESSIONAL DEGREES Degrees for an increasingly dynamic, competitive and multi-faceted workplace. The Professional Degree offerings are an

82 LAW A UOW Bachelor of Laws (LLB) degree provides an excellent foundation for a career in legal practice, and it also opens up a diverse range of other career options as well (see Graduate Destinations,

Master of Science in Information Technology (MS-IT) Program Objectives The primary aim of the program is to allow IT professionals an opportunity for professional upgrading or an extension of their qualifications

LONDON SCHOOL OF COMMERCE Programme Specification for the Cardiff Metropolitan University BSc (Hons) in Computing Contents Programme Aims and Objectives Programme Structure Programme Outcomes Mapping of

School of Natural and Built Environments The School of Natural and Built Environments (NBE) focuses on the unique relationships and synergies between natural and built environments, with a particular interest

The SANS Technology Institute makes shorter groups of courses available to students who are unable to commit to a full master s degree program. These certificate programs will augment your skills, provide

School of, Social Work and Human Sciences UG PG Our courses provide our students with an exciting and diverse education in scientific discovery and social and health studies, based at our Brentford site

Part-time MSc in Cyber Security from Northumbria University masters.qa.com Thank you for your interest in Northumbria University s part-time MSc in Cyber Security programme, delivered in Central London

School of Computing and Technology We offer employmentfocused education and research in computing, the built environment and engineering, giving our students industry-relevant skills and knowledge. Applied

Master of Science in Cyber Security and Management Introduction Realizing the importance of protecting her critical national information infrastructure, Malaysia has introduced the National Cyber Security

PROGRAMME SPECIFICATION KEY FACTS Programme name Engineering with Management and Entrepreneurship Award BEng (Hons) School School of Mathematics Computer Science and Engineering Department or equivalent

Doctor of Philosophy in Informatics 2014 Handbook Indiana University established the School of Informatics and Computing as a place where innovative multidisciplinary programs could thrive, a program where

The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish

Faculty of Economics and Business University of Zagreb POSTGRADUATE (DOCTORAL) PROGRAMMES IN BUSINESS STUDIES AND ECONOMICS 1. INTRODUCTION 1.1. Reasons for establishing the studies Doctoral studies represent

215 REGULATIONS FOR THE DEGREE OF MASTER OF EDUCATION (MEd) (See also General Regulations) Any publication based on work approved for a higher degree should contain a reference to the effect that the work

Business HANNE AASEN Norway Master of Business Advanced graduate Studying an Advanced Masters Degree allowed me to specialise solely in my key interest, marketing. The subjects were both creative and practical,

Computer Security & Information Assurance MS Program in a Nutshell 2005-2006 Graduate Security and Information Assurance Program in a Nutshell Department of Computer Science Rochester Institute of Technology

Birmingham City University Faculty of Technology, Engineering and the Environment Undergraduate Programme Programme Specification Date of Course Approval/Review Version Number Version Date 7 May 2009 3.03

BACHELOR OF ENGINEERING WITH HONOURS IN INFORMATION AND COMMUNICATIONS TECHNOLOGY (INFORMATION SECURITY) Bachelor of Engineering with Honours in Information and Communications Technology (Information Security)

FACULTY OF POSTGRADUATESTUDIES Master of Science in Computer Engineering The Future University 2 Table of Contents: Page I. Introduction 1 II. Philosophy of the Program 2 III. Aims of the Program 2 IV.

School of Computing and Information Systems Master of Information Technology and Systems UNIVERSITY OF TASMANIA www.utas.edu.au/cis master of Information Technology and systems The Master of Information

Erik Jonsson School of Engineering and Computer Science Interdisciplinary Programs Software Engineering (B.S.S.E.) Goals of the Software Engineering Program The focus of the Software Engineering degree

FACULTY OF SOCIAL 93 SOCIAL DEGREES OFFERED Website: http://www.hku.hk/socsc/ Title Abbreviation to be used JUPAS Code in the application form Bachelor of Social Sciences BSS 6717 BSocSc Bachelor of Social